Feature #1337
open
VLANs with different MAC address than parent interface
0%
Description
In FreeBSD it is possible to host an vlan(4) with a different mac address from the parent.
This needs the parent interface in promiscuous mode, which at present days is not much of a issue.
Linked report here http://forum.pfsense.org/index.php/topic,34094.0.html.
Possibly an option should be given to people activate this issue.
Updated by Chris Buechler over 5 years ago
- Subject changed from Vlan with different mac address than parent interface to VLANs with different MAC address than parent interface
Updated by Renato Botelho about 3 years ago
- Status changed from New to 13
- Assignee set to Renato Botelho
- Target version set to 2.4.4
Updated by Steve Beaver about 3 years ago
- Status changed from Feedback to 13
James Dekker [6:49 PM]
With SG-5100 and XG-2758 on `2.4.4.a.20180824.1144` (which isn't the latest build, but should include whatever the fix was on `1337`) .. added a VLAN, assigned it as an interface with a static IP on both appliances, enabled the parent interface (no IP set, just enabled so the VLANs could use the interfaces) ... added a allow any rule on the VLAN interface on both pfSense. From either pfSense, I could ping the other. Then on one, I spoofed the VLAN interface mac as `DE:AD:BE:EF:CA:FE`, went to ping and now it fails. Remove the spoofed MAC, pings succeed again.
I his a valid test?
Updated by Renato Botelho about 3 years ago
- Status changed from 13 to In Progress
Updated by Renato Botelho about 3 years ago
- Status changed from In Progress to Assigned
- Target version changed from 2.4.4 to 48
Updated by
Updated by Wik Joh about 1 year ago
It's possible to do this by editing /etc/inc/interfaces.inc and adding the lines below, but it would be nice if it could be done through the UI.
mwexec("/sbin/ifconfig igb0 promisc");
mwexec("/sbin/ifconfig igb0.10 promisc");
mwexec("/sbin/ifconfig igb0.10 ether 00:aa:bb:cc:dd:ee");
Updated by Luiz Souza about 1 year ago
I'm not sure that setting the interface in promiscuous mode is the right thing to do here. There will be performance issues (no more HW filtering).
Please advance with caution.
Updated by Renato Botelho about 1 year ago
- Target version changed from 2.5.0 to Future
Setting the interface in promiscuous mode is not the way to go and without it FreeBSD don't offer a way to make it to work. At least not today. Moving it to Future and we can target it to a version when we have a proper way of doing that